FOR IMMEDIATE RELEASE
Contact: Alexis Wilson, MTEC
Phone: (845)391-8214
Email: alexis.wilson@hvtdc.org
Alert: Your Data Has Been Compromised
(Highland, NY) — Cybercrime is making headlines in a big way. What first became a concern in 2005 is now making daily news. From Target to Equifax to Dunkin Donuts, the companies that you trust every day to secure your personal data are reporting that your information has been compromised. As consumers, we often forget that when the data of a company is compromised, employee data is often grouped in, as well. We can’t control how an external company handles our information but we do play a role in the protection of our data at our place of work every time we clock in.
The best way to determine vulnerabilities within a company’s cybersecurity framework is by having a third-party conduct an assessment against the NIST 800-171 standard. This standard covers every facet from network security to physical security and even employee training. Manufacturers and other small businesses face a particularly high level of risk because they allocate so little resources to protecting their data, approximately only $500 annually on average, and hackers know that. Due to this, it is also common for your average small-to-medium-sized business to go over six months without detecting a security breach.
This September, the Manufacturing and Technology Enterprise Center (MTEC), the Hudson Valley local non-profit business consulting firm, completed a round of assessments involving nearly two dozen companies from the Hudson Valley Region down to Long Island most doing a considerable portion of their business with the Department of Defense. In a simple three-step process, the cybersecurity team was able to assess the companies for vulnerabilities and provide remediation solutions that are deemed satisfactory to the NIST 800-171 standard. Only after completing all of the remediations can a company attest that they are performing at the NIST Standard of cybersecurity practices.
In the world of DoD manufacturers, conforming to this standard is becoming less and less negotiable. Another force pushing this standard is the recent amendment made to the NY SHIELD Act which is placing penalties on companies in neglect by March 2020 and affects all businesses that hold personal data. In order to considerably reduce that penalty, a company must be aware of their vulnerabilities and have a plan to address them by the date mentioned. One way of accomplishing this is through undergoing an assessment with a third-party cybersecurity service provider. This small investment can save your business up to $250,000 in fines.
If you have any questions about this information, you can reach Alexis Wilson at (845)391-8214 or alexis.wilson@hvtdc.org